UNSIGNEDPREVIEW — NOT A RELEASE — NOT PROCUREMENT‑GRADE. EXPECT HOLD. NOT FOR INCORPORATION BY REFERENCE.

Discussion/review only; release‑gate authenticity artifacts are not present/verifiable under the pinned fingerprint. Receipts, not promises.

This Zenodo record publishes KCS‑ALP‑L1: Agent Lockdown Profile (ALP‑L1) v1.0.0 (Public Draft) — a procurement‑shaped interoperability profile for enterprise agent runtimes with buyer‑run, offline verification of conformance receipts and replay determinism.

Included artifacts: Whitepaper PDF (normative), bundle ZIP (offline verifier + fixtures), Release Checklist, publication‑integrity addendum, artifact‑signing public key, and CITATION.cff.

Release date: 2026‑02‑18
Canonical standards surface: https://meridianverity.com/standards/
Project home: https://meridianverity.com/
Pinned artifact‑signing fingerprint (trust anchor): 9ACD3C8B2E02BD4CAA6742EB7132DE1CAA7BBB01

Normative scope

Only the Whitepaper PDF is normative. All other files in this record are supporting artifacts (bundle ZIP, offline verifier + fixtures, templates, addenda, and reviewer/auditor packets).

Fail‑closed posture: HOLD blocks sensitive side effects by default when evidence is missing, stale, inconsistent, unverifiable, or non‑deterministic.

Fail‑closed / release gate

This deposit is UNSIGNEDPREVIEW. Consumers MUST treat this deposit as UNTRUSTED → HOLD (fail‑closed) for any conformance, safety, or procurement acceptance claim. For a future signed release, procurement‑grade status exists if and only if offline verification succeeds under the pinned fingerprint:

    sha256sum -c SHA256SUMS
    gpg --verify SHA256SUMS.asc SHA256SUMS

What the profile specifies (high level)

· Deterministic runtime verdicts (ALLOW / DENY / HOLD) with standardized reason codes.
· Deterministic offline outcomes (PASS / FAIL / HOLD) for Evidence Pack verification and replay checks.
· Signed allowlist‑only tool/skill invocation (tamper‑evident).
· Permit‑before‑send network egress (deny‑by‑default).
· Untrusted → trusted boundary enforcement for privileged actions.
· Secret isolation + scoped use (no plaintext secrets in prompts, tool output, or logs).
· High‑risk action approval gates (HOLD until approval proof exists).
· Version pinning + drift detection; stewardship/change‑control expectations.
· Portable Evidence Packs with minimal schema/registry surfaces designed for procurement attachment.

Interoperability evidence (included)

This record includes a reference offline verifier contract and portable fixture Evidence Packs demonstrating expected outcomes (PASS / HOLD / FAIL), including negative and boundary cases, with deterministic receipts + reason codes.

Buyer‑run demo from bundle root:

    python3 verifiercontract/alp_l1_offline_verifier.py verifiercontract/fixtures/ALPSAMPLEPACKTV-ALP-001PASSBASELINE_v1.0.0.zip
    python3 verifiercontract/alp_l1_offline_verifier.py verifiercontract/fixtures/ALPSAMPLEPACKTV-ALP-002HOLDALLOWLISTSIGMISSING_v1.0.0.zip
    python3 verifiercontract/alp_l1_offline_verifier.py verifiercontract/fixtures/ALPSAMPLEPACKTV-ALP-005FAILDIGESTMISMATCH_v1.0.0.zip

Security considerations (snapshot)

Threat model coverage includes (illustrative): tool injection/capability sprawl, allowlist tampering, data exfiltration, prompt injection, secret leakage, unauthorized high‑risk actions, baseline drift/downgrade, evidence repudiation, and TOCTOU‑style drift.

Public‑safe by design

The profile and artifacts avoid exploit guidance and do not require disclosure of confidential implementation details by default.

License / rights notice

CC BY 4.0 applies to text and supporting artifacts unless a file states otherwise. No patent license by publication. Not legal advice.

Integrity / verification

Use SHA256SUMS to verify file integrity (SHA‑256) after download/extraction:

    sha256sum -c SHA256SUMS

How to cite

Use the Zenodo “Cite as” entry after publication. CITATION.cff is included for convenience.
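The release-gate check described under "Fail‑closed / release gate" and "Integrity / verification", written out as an added Python example (it is not part of the record or its bundled verifier). It assumes the record's artifact-signing public key has already been imported into the local gpg keyring; the mapping of missing or unverifiable inputs to HOLD and of a digest mismatch to FAIL follows the fixture names above and is an assumption, as are the function names and reason strings.

```python
import hashlib
import os
import subprocess

PINNED_FPR = "9ACD3C8B2E02BD4CAA6742EB7132DE1CAA7BBB01"  # trust anchor quoted in the record

def gpg_signer(sig_path, data_path):
    """Fingerprints gpg reports for a valid signature (signing key, primary key), else ()."""
    try:
        out = subprocess.run(["gpg", "--status-fd", "1", "--verify", sig_path, data_path],
                             capture_output=True, text=True).stdout
    except OSError:  # gpg not installed: signature is unverifiable
        return ()
    for line in out.splitlines():
        f = line.split()
        if f[:2] == ["[GNUPG:]", "VALIDSIG"] and len(f) > 2:
            return (f[2].upper(), f[-1].upper())
    return ()

def release_gate(root, pinned=PINNED_FPR, signer=gpg_signer):
    """Return (outcome, reason). Reason strings are illustrative, not ALP-L1 reason codes."""
    sums = os.path.join(root, "SHA256SUMS")
    sig = os.path.join(root, "SHA256SUMS.asc")
    if not (os.path.isfile(sums) and os.path.isfile(sig)):
        return "HOLD", "manifest or signature missing"
    # Authenticate the manifest before trusting any digest listed in it.
    if pinned.upper() not in signer(sig, sums):
        return "HOLD", "signature not verifiable under pinned fingerprint"
    with open(sums, encoding="utf-8") as fh:
        entries = [ln.split(None, 1) for ln in fh if ln.strip()]
    if not entries:
        return "HOLD", "empty manifest"
    base = os.path.realpath(root) + os.sep
    for entry in entries:
        if len(entry) != 2:
            return "HOLD", "malformed manifest line"
        digest, name = entry[0].lower(), entry[1].strip().lstrip("*")
        path = os.path.realpath(os.path.join(root, name))
        # A listed file that is absent or resolves outside the bundle is missing evidence.
        if not path.startswith(base) or not os.path.isfile(path):
            return "HOLD", f"listed file missing or outside bundle: {name}"
        with open(path, "rb") as fh:
            if hashlib.sha256(fh.read()).hexdigest() != digest:
                return "FAIL", f"digest mismatch: {name}"
    return "PASS", "manifest authenticated and all digests match"
```

Accepting a signature only when gpg's `VALIDSIG` status line carries the pinned fingerprint avoids passing on a signature that is valid but made by some other key in the keyring.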
Yong Bok Lee (Wed,) studied this question.